Using the developer GraphQL API

The developer GraphQL API provides a convenient way to access the API for developers who are developing for Totara. It is not designed to be used for production, and should be disabled on production sites.

Enabling the developer API

It is not necessary to enable the developer API for the other GraphQL endpoints to work.

The developer API is disabled by default. To enable it, you must add the following into your site's config.php file (anywhere above the final line that includes setuplib.php):

define('GRAPHQL_DEVELOPMENT_MODE', true);

When the developer API is disabled you will receive blank responses from requests to the developer API endpoint.

Endpoint

The developer API endpoint is located at:

https://YOUR-SITE-URL/totara/webapi/dev_graphql_executor.php

See Making developer requests via a GraphQL client for information on how to make requests using different API clients.

Schema

The developer API is unique from other APIs in that its schema is the amalgamation of all the other GraphQL schemas. Therefore, any service that is available in any of the other endpoints will be available in the developer schema. This allows you to test any functionality in one place.

The developer schema can be accessed as a raw file at the following URL (if the developer API has been enabled):

https://YOUR-SITE-URL/totara/webapi/dev_graphql_schema.php

The developer API endpoint also supports introspection, so GraphQL clients can query the endpoint itself for information about its structure and documentation.

Authentication

The developer API works the same as the AJAX API (authentication via session token in web cookie), with the exception that the CSRF token is not required for the developer API.

Therefore, you can make raw authenticated requests as follows:

curl 'https://YOUR-SITE-URL/totara/webapi/dev_graphql_executor.php' \
  -H 'Cookie: TotaraSession=SESSION-COOKIE-HERE' \
  -H 'content-type: application/json' \
  --data-raw '{"operationName":"totara_webapi_status","variables":{} }'

and unauthenticated requests for nosession operations via:

curl 'https://YOUR-SITE-URL/totara/webapi/dev_graphql_executor.php' \
  -H 'content-type: application/json' \
  --data-raw '{"operationName":"core_lang_strings_nosession","variables": {"lang":"en","ids":["add_activity, perform"]} }'

See Making developer requests via a GraphQL client for how to set up GraphQL clients for a better development experience.